SMB: can still access share after checking "Disable password login" and server reboot...

[guermantes]

So I am trying to get to know my way around the sharing+permissions ecosystem, but one thing confuses me.

I tried to revoke access rights to my SMB-shares for USER1, by checking the "Disable password login" in Modify user. But after desktop and server reboot, USER1 can still enter credentials and access the shares. It says explicitly in the manual that "when checked, disables password logins and authentication to SMB shares".

What am I not understanding?

 

[dlavigne]

Which FreeNAS build version (System -> Information) and which client OS version?

 

[guermantes]

FreeNAS-11.0-U4 (54848d13b)
Linux Mint 18.1 (Nemo file manager) / Windows 7 64.bit (Windows explorer) / Windows 8.1 (Windows explorer)

 

[Ericloewe]

So I am trying to get to know my way around the sharing+permissions ecosystem, but one thing confuses me.

I tried to revoke access rights to my SMB-shares for USER1, by checking the "Disable password login" in Modify user. But after desktop and server reboot, USER1 can still enter credentials and access the shares. It says explicitly in the manual that "when checked, disables password logins and authentication to SMB shares".

What am I not understanding?

That is not the expected behavior, but it is also the wrong way of doing things, since you're not actually setting the correct permissions and relying on the user not being able to authenticate in the first place.

https://forums.freenas.org/index.php?resources/freenas-and-samba-smb-permissions-video.8/

 

[guermantes]

@Ericloewe , I actually did watch those videos. The first was very instructive, the second was too fast and a little bit all over the place for my knowledge level. Anyway, @m0nkey_ 's videos did not really address my situation (at least not explicitly).

If the right way is to only use permissions to regulate people's access to shares (and allowing everyone with user and pass to log in but at the lowest level not present them with any files/folders when they do so), then what does that snippet from the manual even mean, "when checked, disables password logins and authentication to SMB shares"?

 

[Ericloewe]

Users can still access the server via SSH using their private keys.

 

[guermantes]

So then I should have been able prevent the login by ticking that checkbox? (I admit, I did not really have a purpose/use case, was just trying to understand how things relate to each other.)

It seems to me that the only way I can prevent a user from using their credentials to log in is to never assign them a password in the first place, because ticking the checkbox in retrospect seems to have no effect. Either that or I have managed to sabotage my install... (which I have been careful not to do) :)